7 April 2008 - Lost Disk Holds Data on 370,000 HSBC Customers
The UK's Financial Services Authority will investigate the loss of a
disk containing personally identifiable information of 370,000 HSBC
customers. The compromised data include names, dates of birth, and life
insurance information, but no bank account information. The disk was
being sent from HSBC to a reinsurance firm. The disk was not encrypted.
Normally, the data are transferred electronically, but because the
system was down, HSBC sent the information on disk through the post.
http://www.vnunet.com/vnunet/news/2213667/hsbc-lose-370-customer-details
7 April 2008 - Pfizer Data Security Breach
Pfizer has experienced another data security breach. A laptop stolen
from a contractor's home contains personally identifiable information
of approximately 800 current and former Pfizer employees and
contractors. The data include names, credit card numbers, and card
expiration numbers. The theft occurred on February 7, 2008; an incident
notification letter the company sent to attorneys general in several
states was dated March 19. In 2007, Pfizer suffered four data security
breaches that compromised personally identifiable information of more
than 52,000 individuals.
http://www.theday.com/re.aspx?re=6b8c60cf-8fa2-43f1-9238-6dba8792cfa3
3 April 2008 - Software Engineer Indicted for Theft of Trade Secrets
Hanjuan Jin, a former software for a Chicago-based telecommunications
company, has been indicted for allegedly stealing trade secrets from a
telecommunications company and attempting to take the data to China.
When her luggage was searched at O'Hare International Airport in
Chicago, authorities discovered confidential technical documents and
computer memory devices holding documents that belong to an unnamed
company. Customs agents retained the documents and equipment. The
intellectual property in the case is estimated to be worth US $600
million.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207001607
7 April 2008 - Kraken Botnet Twice as Large as Storm
The Kraken botnet is believed to be more than twice the size of the
Storm botnet. Just 20 percent of antivirus (AV) packages are presently
detecting Kraken, which comprises more than 400,000 zombie machines;
Kraken is hard to detect because its code morphs. Researchers are still
trying to determine how Kraken works its way into apparently
well-fortified systems. One known technique it uses is to copy itself
to infected computers' hard drives in an altered form that can be used
to reinfect the machine if AV programs are eventually able to identify
the original file. The Kraken botnet is used primarily to send spam.
Internet Storm Center:
http://isc.sans.org/diary.html?storyid=4256
7 April 2008 - NIH Workers May Not Store Sensitive Data on MacBooks
A National Institutes of Health (NIH) agency memo forbids employees from
storing sensitive data on MacBook laptop computers. As of April 4, all
NIH laptops running Windows or Linux operating systems must have the
Pointsec encryption tool; Windows Vista users may also use that
operating system's BitLocker disk encryption tool. There is presently
a beta version of Pointsec for MacBooks, but not an approved version.
The ban on MacBooks holding sensitive data applies to contractors as
well as in-house employees.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=207001840
3 April - US Legislator's Data is on Missing NIH Computer
A US legislator whose personal information is on a laptop computer
stolen from a National Institute of Health (NIH) researcher's car wants
the inspector general at the Department of Health and Human Services to
conduct an investigation. Among the questions Representative Joe Barton
(R-Tex.) wants answered is whether or not NIH has an effective means of
contacting individuals affected by such a breach; at least one person
did not learn his information was on the computer until he contacted NIH
himself. It is also unclear whether or not the laptop was encrypted and
why the initial estimate of affected individuals fell short by 500.
http://www.washingtonpost.com/wp-dyn/content/article/2008/04/02/AR2008040203371_pf.html
1 April 2008 - Laptop Hacked in Contest Makes Brief Appearance on eBay
The man who won a laptop computer he hacked in a contest at the
CanSecWest conference last week made a short-lived attempt to sell the
machine on eBay. Shane Macaulay had offered the Fujitsu U810 Windows
Vista-equipped laptop, saying that it was possible his exploit code
could be derived from the machine. eBay removed the listing because
they do not allow the sale of "anything that would do harm." Macaulay
also received a US $5,000 cash prize for his successful hack of the
computer. Macaualy's attack exploited a flaw in Adobe Flash Player.
Adobe researchers say they knew of the flaw before Macaulay's attack and
that they plan to patch it later this month.
http://www.nytimes.com/idg/IDG_002570DE00740E180025741E005FFB74.html?ref=technology&pagewanted=print
26 March 2008 - 42 Months in Prison for Data Theft and Card Fraud
Former Compass Bank programmer James Kevin Real was sentenced to 42
months in prison for stealing a hard drive containing customer data and
using them to commit identity fraud. Real was also ordered to repay
more than US $32,000 that he and an accomplice stole from customers'
accounts. Real used the stolen data to create 250 phony debit cards;
he used 45 of them to commit fraud. Court documents indicate the data
were stolen in May 2007 and that the fraud occurred in June and July
2007. Alabama is just one of 11 states that do not require consumer
notification of personal data breaches.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9072198&source=rss_topic17
24 March 2008 - Stolen Laptop Holds NIH Clinical Trial Data
A laptop computer containing unencrypted personal information of 2,500
National Institutes of Health (NIH) study participants was stolen from
a locked car trunk in February. NIH waited nearly a month before
notifying affected individuals. The clinical trial information includes
names, diagnoses, hospital medical record numbers and MRI data, but no
Social Security numbers (SSNs) or financial information. Government
policy requires that portable electronic devices have encryption
software. An NIH statement indicates that the agency is taking steps to
ensure that all devices have encryption and that personally identifiable
information not be stored on laptops.
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/23/AR2008032301753_pf.html
22 Match 2008 - Stolen Computer Holds Unencrypted Agilent Employee Data
Agilent Technologies has sent letters to 51,000 current and former
employees notifying them that their personally identifiable information
was on a laptop computer that was stolen on March 1. The unencrypted
data include names, addresses, SSNs, and stock option information. The
laptop was stolen from a vendor's car; Agilent's letter places the blame
on that vendor - Stock & Option Solutions - for not encrypting the data.
A former employee who received a notification letter said, "Agilent
should have put all of the data into an encrypted format to begin with."
http://www.mercurynews.com/peninsula/ci_8660115
20 March 2008 - Former Employee Gets Probation for Destructive Cyber Intrusion
Joseph Patrick Nolan was sentenced to four years probation for breaking
into his former employer's computer system and destroying data. Nolan
destroyed records from Pentastar Aviation's personnel and payroll
operations, costing the company more than US $50,000. Nolan was also
ordered to pay Pentastar US $1,158. Nolan resigned from Pentastar in
January 2007; the intrusion occurred in February of that year. He was
then employed by the city of Ann Arbor's Information Technology
Department until May 2007.
http://blog.mlive.com/annarbornews/2008/03/ann_arbor_man_to_serve_probati.html
18 March 2008 - 51-Month Sentence for Stealing Data Through Limewire
Gregory Kopiloff has been sentenced to 51 months in prison for
stealing personally identifiable information of 50 people through
P2P (peer-to-peer) filesharing programs. Kopiloff pleaded guilty
to mail fraud, computer hacking, and aggravated identity theft.
Kopiloff accessed tax returns, credit reports, bank statements and
other financial documents through the Limewire filesharing program.
He then obtained credit cards with the information and ran up US
$76,000 in fraudulent charges. Kopiloff will be on probation for three
years following his release and was also ordered to pay compensation.
http://www.theregister.co.uk/2008/03/18/p2p_highwayman_jailed/print.html
13 March 2008 - Lost and Found Memory Stick Holds Police Data
A passerby in Hertfordshire, England found a memory stick in the gutter
that contained confidential police information. The unencrypted data
included the names and addresses of offenders as well as the types of
vehicles they drive and details about their offenses. A police
spokesperson acknowledged that a device was lost on March 5 and turned
in several hours later.
http://www.thecomet.net/content/comet/news/story.aspx?brand=CMTOnline&category=News&tBrand=herts24
&tCategory=newscomnew&itemid=WEED13%20Mar%202008%2010%3A22%3A10%3A867
11 March 2008 - MTV Data Breach Exposes 5,000 Employees' Personal Data
A compromised Internet connection on an MTV Networks employee's computer
led to a data breach that exposed personally identifiable information
of approximately 5,000 MTV employees. The data include names, Social
Security numbers (SSNs), and compensation information. Someone external
to the company breached the files, though it is unclear whether the
files were opened. MTV is conducting an internal investigation and
employees have been notified.
http://www.nytimes.com/2008/03/08/technology/08data.html?_r=1&oref=slogin&ref=business&pagewanted=print
11 March 2008 - 40,000 NY Insurance Subscribers' Data on Lost Computer
Forty thousand members of HealthNow New York have been notified that
their personal information was on a laptop that has been missing for
several months. The data include names, dates of birth, SSNs, employer
group names and health insurance identifier numbers, but not health or
medical claim information. HealthNow does not plan to issue new
identification numbers to all affected members, but will comply with
individuals' requests to do so. The laptop was not encrypted, and the
organization has severed the computer's access to the corporate network.
http://www.buffalonews.com/145/story/296415.html
10 March 2008 - Music Labels Want Irish ISP to Help Fight Piracy
Irish Internet service provider (ISP) Eircom may be compelled to take
steps to prevent illegal music downloading if four major record labels
have their way. The four - EMI Records (Ireland) Ltd, Sony BMG Music
Entertainment (Ireland) Ltd, Universal Music (Ireland) Ltd, and Warner
Music (Ireland) Ltd - have brought a High Court action in an attempt to
force the ISP to use technology specially designed to identify and stop
the illegal activity. Eircom has thus far refused to employ
technological filtering and blocking technologies to stop illegal
downloads. One record company executive cited a 30 percent drop in
sound recording sales since 2001.
http://www.rte.ie/news/2008/0310/download.html
8 March 2008 - Brothers Receive Prison Sentences for Selling Pirated Software
Brothers Maurice A. Robberson and Thomas K. Robberson have been
sentenced to prison for selling pirated software online. Together, the
brothers made more than US $1 million by selling counterfeit software
worth more than US $6.5 million. Both men have agreed to forfeit all
they earned from their business. Maurice was sentenced to three years
in prison, while Thomas received a sentence of 30 months. Two other
people involved on the scheme have already been sentenced. The pirated
software included products from Adobe Systems, Autodesk, and Macromedia.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9067418&source=rss_topic17
6 march 2008 - Man Indicted in South Korea for Intellectual Property Crimes
A former LG Electronics employee has been arrested and indicted for
giving technology from LG to a Chinese company, according to South
Korean prosecutors. The man, identified only as Jeong, allegedly took
a portable hard drive with information about plasma display technology
when he left the company and later gave the information to his new
employer, the Chinese company COC. Another former LG employee and one
who still works for the company have also been indicted for assisting
Jeong. LG maintains that the theft and sharing of the proprietary
information could cost the company as much as 1.3 trillion won (US $1.35
billion).
http://english.donga.com/srv/service.php3?bicode=040000&biid=2008030681038
6 March 2008 - Children's Personal Data on Stolen Memory Stick
A memory stick plugged into a laptop computer stolen from a Shropshire
(UK) medical center holds personally identifiable information of more
than 200 children. The computer "had been fitted with encryption
software to comply with ... NHS security standards" and its remote
access has been disabled to prevent it from connecting to the NHS
network. It also had tracking technology installed. The data on the
memory stick include names, dates of birth, addresses and information
about the treatment they received for speech and language therapy.
Patients and their families were notified promptly.
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/
4 March 2008 - Judge Allows RIAA to Subpoena Univ. to Obtain Students' Identities
A federal judge has granted a request from the Recording Industry
Association of America (RIAA) to subpoena the University of Arizona (UA)
to surrender information identifying 14 students the RIAA believes have
violated copyright law. Universities usually have 30 days to comply
with the subpoenas; the RIAA is likely to contact UA within the next
week. The RIAA sent 14 prelitigation letters to the university in early
December; the students have been identified only as John Does. UA
decided not to send those letters on to the students.
http://www.azstarnet.com/metro/228226
3 March 2008 - NJ Legislator Wants investigation Into Stolen Insurance Company Laptop
New Jersey State Senator Kevin O'Toole (R-40) has called for a hearing
to investigate the circumstances surrounding the theft of a laptop that
holds personally identifiable information of more than 300,000 Horizon
Blue Cross/Blue Shield of New Jersey subscribers. The computer was
stolen from an employee's home in January. Senator O'Toole wants to
know how many other laptops hold Horizon subscriber data and wants
Horizon's data privacy practices closely examined. Horizon has said that
security procedures designed to protect data were not followed in this
instance.
http://www.politickernj.com/o%E2%80%99toole-renews-call-immediate-investigation-horizon-blue-crossblue-shield-data-breach-16933
3 March 2008 - Encryption Pays Off for VA
Security measures put in place at the Veterans Affairs department (VA)
after the widely publicized theft of computer equipment in 2006 have
proven to be effective. A laptop stolen last month from the home of an
employee at the VA's Austin (TX) Corporate Data Center was encrypted,
and department officials knew precisely what data were on the computer.
The employee had permission to have the computer at home and had locked
it down to furniture.
http://www.fcw.com/online/news/151810-1.html?type=pf
SAI Note: It's nice to finally see a positive awareness news story!!!
3 March 2008 - Virginia Supreme Court Upholds Spammer's Conviction
By a vote of 4-3, the Virginia Supreme Court upheld the felony
conviction of Jeremy Jaynes, who in 2004 was found guilty of spamming
and sentenced to nine years in prison; it was the first felony
conviction for spamming in the US. Jaynes and his lawyer maintained
that the Virginia law under which he was convicted violates both the
First Amendment and the interstate commerce clause of the US
Constitution, but the court rejected those claims.
http://www.informationweek.com/security/showArticle.jhtml?articleID=206901389&cid=RSSfeed_TechWeb
1 March 2008 - Prison Time for Data Thieves
Two people have received prison sentences for their roles in a data
theft scheme that victimized patients of the Kelsey-Seybold Clinic in
Houston, Texas. Former insurance analyst Kretia Lutriel Griffin stole
personal data belonging to approximately 200 of the clinic's patients.
She sold them to Aubry Johnson, who used the information to open charge
accounts at various stores. Johnson was sentenced to seven years in
prison for access device fraud and aggravated identity theft. Griffin
received a two-year sentence for conspiracy. The clinic has notified
patients whose data were compromised. A clinic spokesperson said that
no medical data were involved. http://www.chron.com/disp/story.mpl/headline/metro/5583753.html
25 February 2008 - Workers Often Peek at Customer Data
Documents made public in a lawsuit indicate that employees throughout
Wisconsin utility company WE Energies were accessing data about friends,
family members, politicians, and others. Several years ago, a WE
Energies employee leaked information about a mayoral candidate.
Following that incident, the company began paying closer attention to
which accounts its employees were accessing; 17 people were fired
between 2005 and 2007. Federal agencies are struggling with similar
problems.
http://ap.google.com/article/ALeqM5ghPenZUJTE7BfSfgQbj6RX597DEAD8V019TG0
http://www.securityfocus.com/brief/687
25 February 2008 - Stolen Laptop Contained Psychiatric Patient Data
A laptop computer stolen from a NHS doctor's home in 2005 held extremely
sensitive medical information about 190 psychiatric patients. The
computer is one of approximately 180 devices reported missing or stolen
from public institutions in the Lothians region of Scotland over the
last five years.
http://news.scotsman.com/scotland/Patients39-medical--histories-stored.3811245.jp
23 February 2008 - Woman Indicted on HIPAA Violation
An Oklahoma woman has been indicted on charges of violating the Health
Insurance Portability and Accountability Act (HIPAA). The federal
indictment alleges that Leslie A. Howell provided patient information
from an unnamed counseling center to two individuals, knowing that they intended to use the information to commit "access device fraud" and
identity theft. If she is convicted of charges against her, Howell
could face up to 10 years in prison and a fine of up to US $250,000.
http://www.kten.com/global/story.asp?s=7914206
18 February 2008 - Woman Fined for Intercepting Nanny Agency eMail
A woman has been fined GBP 500 (US $975) for reading email messages from
her previous employer's account. Susan Holmes had worked for a nanny
agency that accepted registration forms through an AOL email account.
The company neglected to change the account password after Holmes left,
which allowed her access to the information. The company became
suspicious after a noticeable decline in the amount of email they
received on the account in the first few months of 2007. AOL
connections logs revealed IP addresses that eventually led to Holmes
being identified as the culprit. Last week, she pleaded guilty to
unauthorized access to a computer, in violation of section one of the
Computer Misuse Act 1990.
http://www.theregister.co.uk/2008/02/18/nanny_agency_hack_conviction/print.html
16 February 2008 - Former Intern Arrested for Allegedly Accessing City eMail
A former intern for a San Jose (CA) city councilman has been arrested
for breaking into the city's email system. Eric Hernandez worked as an
intern for Councilman Sam Liccardo; during his work there, he created
email accounts for Liccardo's staff and knew the account passwords.
Hernandez was allegedly trying to find information about another
Liccardo staff member with whom he was angry; he planned to give the
information to a blog and a newspaper. Hernandez faces up to three years
in prison for the felony charge made against him.
http://www.mercurynews.com/valley/ci_8280565
15 February 2008 - Halifax Bank Blocks Credit Card Payments to WoW Publisher
The UK's Halifax bank has decided to block credit card payments to World
of Warcraft publisher Blizzard Entertainment after noting that an
unusually large number of payments being made through the company's
gaming sites involved stolen credit card information. Customers who
want to subscribe to Blizzard game sites with Halifax or Bank of
Scotland credit cards can contact the bank and make arrangements for the
payments to go through. It is not apparent that other banks or
financial institutions have followed Halifax's lead.
http://www.theregister.co.uk/2008/02/15/halifax_blizzard_block/print.html
14 February 2008 - Nine Sued for Selling Pirated Software on eBay
The Software & Information Industry Association has filed lawsuits
against nine people for allegedly selling pirated software on eBay. The
lawsuits were filed on behalf of Symantec and Adobe as part of SIIA'a
Auction Litigation Program, which offers rewards in the form of credit
toward legitimate copies of software to people who turn in those selling
the counterfeit software. The SIIA's antipiracy program has already
helped them catch other sellers of counterfeit software.
http://www.channelregister.co.uk/2008/02/14/ebay_pirate_auctions/print.html
14 February 2008 - Bloodbank Donor Information on Missing Computers
Approximately 320,000 people who donated blood through Lifeblood in
Memphis are at risk of identity fraud after two laptop computers were
reported missing from the company. Lifeblood has enhanced its security
practices since the incident. Areas where laptops are kept now have
more stringent access restrictions as well as closed circuit monitoring.
Software installed on company laptops allows their locations to be
tracked remotely and provides a means for erasing the computers' hard
drives should they be lost or stolen. Finally, the company has altered
the programming so that complete Social Security numbers (SSNs) are not
downloaded to mobile computers. The missing computers were reported to
Lifeblood management in early January; the company decided to refrain
from making the incident public knowledge until all affected donors had
been notified.
http://www.sunherald.com/447/story/368296.html
14 February 2008 - Woman Sues Best Buy for US $54 Million Over Lost Laptop
A woman has filed a US $54 million lawsuit against Best Buy for losing
her computer. Raelyn Campbell acknowledges that the amount far exceeds
replacement cost and compensation, but she wants to draw attention to
the reprehensible state of consumer property and privacy protection at"
Best Buy. Campbell says that her computer was stolen from the Best Buy
store and that employees falsified records to hide that fact. She also
says they lied to her for weeks about the status of her computer.
Campbell brought her computer in for repairs in May 2007, and filed the
lawsuit in mid-November.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=206504123
12 February 2008 - Unencrypted UK Army Laptop Left in Pub
A UK Army captain left a laptop computer containing sensitive
information in a pub. The unencrypted data include personal information
pertaining to more than 200 soldiers, military exercises information and
weapons store locations. Cabinet Secretary Sir Gus O'Donnell recently
ordered that laptops containing unencrypted data not be removed from
government offices. The laptop was handed in by the person who found
it in the pub.
http://www.thesun.co.uk/sol/homepage/news/article791210.ece
11 February 2008 - Spanish Police Arrest 76 for Internet Fraud
Seventy-six people arrested by Spanish police are believed to have
stolen more than 3 million Euros in a variety of Internet fraud schemes.
Some of the suspects allegedly sold expensive merchandise on auctions
sites but never sent the items. Other suspects allegedly used stolen
bank account information, probably stolen in a phishing scam, to siphon
money into their own accounts.
http://www.theregister.co.uk/2008/02/11/spanish_police_fraud_crackdown/print.html
11 February 2008 - Russian Computers Sending an Increasing Share of Spam
Experts at SophosLabs scanned all spam messages received in the
company's global network of spam traps, and found a dramatic rise in the
proportion of the world's spam messages being sent from compromised Russian computers. Russian now accounts for one in twelve junk mails
seen in inboxes. Between October-December 2007, the USA relayed far more
spam than any other country, because so many US computers have been
taken over by remote hackers.
http://www.sophos.com/pressoffice/news/articles/2008/02/dirtydozfeb08.html
7 February 2008 - South Bend Hospital Employee Data on Missing Computer
A laptop computer holding personally identifiable information of
approximately 4,300 current and former employees of Memorial Hospital
in South Bend, Indiana was lost last November. The data were on an
employee's computer that was lost while she was traveling; the computer
was not encrypted.
http://www.wsbt.com/news/local/15408791.html
29 January 2008 - Go Phish: Watch Out For These 10 Scams
Fools and their money have never been more quickly parted than in
cyberspace. Here's a list of top phishing scams to avoid.
http://newsletter.crn.com/cgi-bin4/DM/y/eBGgJ0IMYEL0ElQ0Fm4i0E2
13 January 2008 - Malware Hiding on Digital Devices
There have been three reports of consumers who found that digital
picture frames attempted to install malware on devices connected to the
frame. The frames were sold in different branches of the same store,
suggesting that the source of the infection was the factory or some
point during shipping. The malware appears to be a Trojan horse program
that hides itself like a rootkit once on a computer and tries to disable
the computer's ability to access anti-virus tools. The incidents
illustrate the necessity for users to be wary of all digital devices
with onboard memory. There have also been reports of hard disk drives
and digital music players attempting to install malware on computers.
These incidents appear to have been accidental, related to the
manufacturing process, but some believe it is just a matter of time
before such infections are intentional and malicious. It is also
possible that the items were purchased and returned, which would make
it possible for someone to install malware on a device and then return
it.
http://www.securityfocus.com/news/11499
10 January 2008 - Former Cox Employee Gets Prison Time for Causing Outage
William Bryant has been sentenced to five months in prison and five
months of home confinement for sabotaging his former employer's computer
system. He was also ordered to serve two years of supervised release,
perform 200 hours of community service, and pay more than US $15,000 in
restitution. Bryant worked at Cox Communications, which provides
computer and telecommunications services across the US. When Bryant was
asked to resign from Cox, he remotely shut down parts of the company's
network, which resulted in loss of services to customers in Texas, Las
Vegas, New Orleans, and Baton Rouge. In some cases, 911 emergency
services were affected as well. The services were back up within hours
of the attack.
http://www.northfulton.com/Articles-i-2007-12-27-169168.112113_Norcross_hacker_sent_to_prison.html
3 January 2008 - Stolen Laptops Hold Nashville Voter Data
Two laptop computers stolen from the Metro Office Building in Nashville,
Tennessee, hold the SSNs of approximately 337,000 Nashville voters; the
data are not encrypted. The break-in was discovered after a security
guard noticed the building was unusually cold; the thieves had broken a
window to gain access to the building. The video recorder that could
have captured evidence had been unplugged. The guard who was on duty
at the time of the theft has been fired. The Davidson County Election
Commission and two other departments questioned by the Metro Council's
Public Safety Committee about the incident say they have stepped up
physical security and have removed voters' SSNs from laptops. Alarms
have been placed on video recorders to alert staff. There is some
confusion as to whose responsibility it was to encrypt the data. The
election commission plans to establish a procedure for making sure
laptops are secured after business hours. The Davidson County Election
Commission is offering free identity theft protection to affected
voters.
http://www.tennessean.com/apps/pbcs.dll/article?AID=200880103134
3 January 2008 - Teen Draws 90-Day Sentence for Internet Service Disruption
A Wisconsin teenager was sentenced to 90 days in jail for breaking into
a computer network and cutting off Internet access to residents of the
Marshfield, Wisconsin area for 18 hours last April. Shaun Lancaster was
granted work-release status for his term. He was also ordered to serve
three years probation and to pay restitution of approximately US $6,000.
http://www.thenorthwestern.com/apps/pbcs.dll/article?AID=/20080103/OSH/80103040/1987
2 January 2008 - German Justice Minister Denies Music Companies Access to
Data for Civil Cases
German Justice Minister Brigitte Zypries says that the music industry
does not have the right to demand stored Internet data to pursue its
copyright violation allegations in civil cases. Only police and the
public prosecutor's office may use the stored data.
http://www.heise.de/english/newsticker/news/101210
1 January 2008 - Malware Development Outpacing Anti-Virus
Protecting computers from malware infections requires a combination of
anti-virus products, firewalls, tools that detect behavioral anomalies,
and good old-fashioned human caution. Anti-virus alone cannot do the
job because malware purveyors are growing skilled at releasing new
variants that won't immediately be detected by signature-based
anti-virus products. There are tools available on the Internet that
allow users to test whether pieces of code are detectable by different
anti-virus systems. Some malware creators have reportedly even set up
their own laboratories to ensure that their latest releases will have
time to infect computers before anti-virus companies learn of the new
malware's existence.
http://www.computerworld.com/action/article.do?command=printArticleBasic&articleId=9054758
27 December 2007 - Alleged Source Code Thief Arrested
A woman has been arrested and is being held on charges that she
allegedly stole US $12 million worth of sensitive data from her former
employer, Hinjewadi (India) based 3DPLM Software, just days before
leaving her job there. Anjali Sharma allegedly used her work computer
to send source code to her husband. Sharma's alleged actions violate a
non-disclosure agreement she signed when she began work at 3DPLM. http://www.dnaindia.com/report.asp?newsid=1141842
27 December 2007 - List Identifies Dubious Music Download Sites
The Center for Democracy and Technology (CDT) has released a list of 34
websites it says are misleading users by implying that mainstream music
can be downloaded from them. The sites charge subscription fees, which
users may assume are used to pay royalty costs, but the listed websites
have not obtained the necessary licensing agreements to distribute the
music. Instead, users are provided peer-to-peer file sharing software,
which is often available at no cost elsewhere, and given instructions
on using filesharing networks.
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=205203862
26 December 2007 - Disk Containing UK Police Data Found at Recycling Center
An obsolete computer that had been sent out to be recycled was found to
contain personally identifiable information of an unspecified number of
employees, including police officers, of Devon and Cornwall (UK) Police.
Assistant Chief Constable Bob Pennington has issued an apology and says
the incident is under investigation. Normally, disks are wiped clean
before computers are sent to be recycled. The disk containing the
information was found by a man looking for parts at a recycling center.
http://news.bbc.co.uk/2/hi/uk_news/england/devon/7160490.stm
22 December 2007 - Identity Thief Targets Municipal Court Website
An identity thief apparently entered random Social Security numbers
(SSNs) into the Franklin County (Ohio) Municipal Court website, hoping
to find a match. According to police, the thief stole personally
identifiable information, such as names, ages and addresses of hundreds
of people, and used the information to open bank accounts and credit
cards. The site contains information about people convicted of
misdemeanors; the data theft affects people from Ohio, Kentucky, South
Carolina, Texas, and Wyoming.
http://www.coshoctontribune.com/apps/pbcs.dll/article?AID=/20071222/NEWS01/712220309/1002
